Question No.21

Legal counsel has notified the information security manager of a legal matter that will require the preservation of electronic records for 2000 sales force employees. Source records will be email, PC, network shares, and applications. After all restrictions have been lifted, which of the following should the information manager review?

Data retention policy

Legal hold

Chain of custody

Scope statement

Correct Answer: B

Question No.22

Which of the following systems would be at the GREATEST risk of compromise if found to have an open vulnerability associated with perfect … secrecy?

Endpoints

VPN concentrators

Virtual hosts

SIEM

Layer 2 switches

Correct Answer: B

Question No.23

Security policies that are in place at an organization prohibit USB drives from being utilized across the entire enterprise, with adequate technical controls in place to block them. As a way to still be able to work from various locations on different computing resources, several sales staff members have signed up for a web-based storage solution without the consent of the IT department. However, the operations department is required to use the same service to transmit certain business partner documents. Which of the following would BEST allow the IT department to monitor and control this behavior?

Enabling AAA

Deploying a CASB

Configuring an NGFW

Installing a WAF

Utilizing a vTPM

Correct Answer: B

Question No.24

A project manager is working with a team that is tasked to develop software applications in a structured environment and host them in a vendor's cloud-based infrastructure. The organization will maintain responsibility for the software but will not manage the underlying server applications. Which of the following does the organization plan to leverage?

SaaS

PaaS

IaaS

Hybrid cloud

Network virtualization

Correct Answer: B

Question No.25

There have been several exploits to critical devices within the network. However, there is currently no process to perform vulnerability analysis. Which of the following should the security analyst implement during production hours to identify critical threats and vulnerabilities?

Asset inventory of all critical devices

Vulnerability scanning frequency that does not interrupt workflow

Daily automated reports of exploited devices

Scanning of all types of data regardless of sensitivity levels

Correct Answer: B

Question No.26

A breach was caused by an insider threat in which customer PII was compromised. Following the breach, a lead security analyst is asked to determine which vulnerabilities the attacker used to access company resources. Which of the following should the analyst use to remediate the vulnerabilities?

Protocol analyzer

Root cause analyzer

Behavioral analytics

Data leak prevention

Correct Answer: D

Question No.27

A company is acquiring incident response and forensic assistance from a managed security service provider in the event of a data breach. The company has selected a partner and must now provide required documents to be reviewed and evaluated. Which of the following documents would BEST protect the company and ensure timely assistance? (Choose two.)

RA

BIA

NDA

RFI

RFQ

MSA

Correct Answer: CF

Question No.28

The government is concerned with remote military missions being negatively impacted by the use of technology that may fail to protect operational security. To remediate this concern, a number of solutions have been implemented, including the following:

End-to-end encryption of all inbound and outbound communication, including personal email and chat sessions that allow soldiers to securely communicate with families.

A host-based whitelist of approved websites and applications that only allow mission-related tools and sites

The use of satellite communication to include multiple proxy servers to scramble the source IP address

Which of the following is of MOST concern in this scenario?

Malicious actors intercepting inbound and outbound communication to determine the scope of the mission

Family members posting geotagged images on social media that were received via email from soldiers

The effect of communication latency that may negatively impact real-time communication with mission control

The use of centrally managed military network and computers by soldiers when communicating with external parties

Correct Answer: A

Question No.29

An infrastructure team is at the end of a procurement process and has selected a vendor. As part of the final negotiations, there are a number of outstanding issues, including:

Indemnity clauses have identified the maximum liability

The data will be hosted and managed outside of the company's geographical location

The number of users accessing the system will be small, and no sensitive data will be hosted in the solution.

As the security consultant on the project, which of the following should the project's security consultant recommend as the NEXT step?

Develop a security exemption, as it does not meet the security policies

Mitigate the risk by asking the vendor to accept the in-country privacy principles

Require the solution owner to accept the identified risks and consequences

Review the entire procurement process to determine the lessons learned

Correct Answer: C

Question No.30

An organization is considering the use of a thin client architecture as it moves to a cloud-hosted environment. A security analyst is asked to provide thoughts on the security advantages of using thin clients and virtual workstations. Which of the following are security advantages of the use of this combination of thin clients and virtual workstations?

Malicious insiders will not have the opportunity to tamper with data at rest and affect the integrity of the system.

Thin client workstations require much less security because they lack storage and peripherals that can be easily compromised, and the virtual workstations are protected in the cloud where security is outsourced.

All thin clients use TPM for core protection, and virtual workstations use vTPM for core protection with both equally ensuring a greater security advantage for a cloud-hosted environment.

Malicious users will have reduced opportunities for data extractions from their physical thin client workstations, thus reducing the effectiveness of local attacks.